Privacy Policy
Introduction
Black Lion Innovations Group Ltd. (“Black Lion,” “we,” “us,” or “our”) is committed to maintaining the privacy and security of all personal data collected. This Data Protection Policy outlines how we comply with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). By using Black Lion’s platform, users agree to this policy and consent to the data practices described.
Data Collection and Processing
1. Personal Identifiers:
Name, contact information, date of birth, and professional details.
2. Financial Information:
Bank account details and payment transaction data.
3. Music and Creative Asset Information:
Data related to music ownership, earnings, and associated metadata.
4. Technical Data:
IP addresses, device identifiers, browser type, operating system, and usage analytics.
5. Communications:
Any messages or feedback provided through customer service channels
We collect data directly from users, automatically through cookies and analytics, and, where applicable, from third-party integrations.
Data Protection Principles
1. Lawfulness, Fairness, and Transparency:
Processing is done lawfully, with transparency to users.
2. Purpose Limitation:
Data is collected only for specific, legitimate purposes and not processed further in incompatible ways.
3. Data Minimisation:
We limit data to only what is necessary for our services.
4. Accuracy:
We take steps to keep personal data accurate and up-to-date.
5. Storage Limitation:
Data is retained only as long as needed for its purpose or as required by law.
6. Integrity and Confidentiality:
We use technical and organisational measures to protect data from unauthorized access or loss.
Lawful Basis for Processing
1. Consent:
When users give explicit permission for data processing.
2. Contractual Necessity:
To fulfill our contractual obligations to users.
3. Legitimate Interests:
To improve our services, secure our platform, and provide user support.
Data Subject Rights
1. Access:
To request access to their personal data and information on how it is processed.
2. Rectification:
To correct inaccurate data.
3. Erasure:
To request deletion of their data, under specific conditions.
4. Restriction:
To restrict the processing of their data under certain circumstances.
5. Data Portability:
To obtain and transfer their data to another service.
6. Objection:
To object to data processing for direct marketing or profiling.
7. Automated Decision-Making and Profiling:
Users have rights related to automated processing of their data.
Users may exercise their rights by contacting us at privacy@blacklionapp.com. We will respond to Data Subject Access Requests (DSARs) within one month.
Security Measures
1. Encryption:
For data at rest and in transit.
2. Access Control:
Role-based access limitations to sensitive data.
3. Regular Security Audits:
To identify and resolve potential vulnerabilities.
4. Incident Response:
Documented procedures to respond to data breaches, including notification to the ICO within 72 hours if necessary and to affected individuals if required.
Data Breach Procedures
1. ICO Notification:
We will notify the Information Commissioner’s Office if required within 72 hours of becoming aware of a breach.
2. User Notification:
Affected individuals will be informed if the breach poses a high risk to their rights and freedoms.
3. Corrective Action:
Black Lion will take steps to address the breach and prevent recurrence.
Data Transfers
Black Lion may transfer personal data outside the UK or EEA, ensuring that safeguards such as standard contractual clauses are in place. We ensure that any international transfers comply with UK data protection standards.
Data Protection Impact Assessments (DPIAs)
Black Lion will conduct DPIAs for any high-risk processing activities. DPIAs will assess risks to personal data and outline measures to minimize potential harm.
Data Protection Fee
As a registered data controller, Black Lion pays an annual data protection fee to the ICO to fulfill its legal obligations.